According to the roles document it is possible for Trustee and stewards to blacklist each other. How is that process performed? If a trustee or steward is blacklisted, what happens to the identity owners that were added by them? Is there a revocation of every credential and DID added by anyone who had them in their trust web?

There is no domino effect with blacklisting, so when it happens, nobody else needs to worry.

The stewards and trustees are a check and balance on one another. We want to have some mechanism for locking out a rogue trustee or a rogue steward, and blacklisting is part of the answer. When we blacklist, all we’re doing is refusing to honor the normal privileges of that role. The identity still exists, but everybody else in the ecosystem has agreed to ignore their special privileges. This doesn’t have to be permanent; it might just be a tool we use temporarily, if a trustee or steward contacts others on backchannels and says, “Uh oh, I’ve been hacked.”